makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security-169] Stop loop through referer dir in top directory

Browse source 
SECURITY-169
This commit is contained in:
Marc Alexander 2014-11-09 22:29:25 +01:00
parent 0e772afb9d
commit 9bb302b92c
2 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/phpbb/path_helper.php
View file

@ -278,10 +278,16 @@ class path_helper
$referer_dir = dirname($referer_dir); $referer_dir = dirname($referer_dir);
} }
while (strpos($absolute_board_url, $referer_dir) !== 0) while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0)
{ {
$fixed_root_path .= '../'; $fixed_root_path .= '../';
$referer_dir = dirname($referer_dir); $referer_dir = dirname($referer_dir);
// Just return phpbb_root_path if we reach the top directory
if ($referer_dir === '.')
{
return $this->phpbb_root_path;
}
} }
$fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1); $fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1);

15
tests/path_helper/path_helper_test.php
View file

@ -411,6 +411,21 @@ class phpbb_path_helper_test extends phpbb_test_case
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../community/', '../community/',
), ),
array(
'http://www.phpbb.com/foobar',
'http://www.phpbb.com',
'',
),
array(
'http://www.foobar.com',
'http://www.phpbb.com',
'/www.phpbb.com/',
),
array(
'foobar',
'http://www.phpbb.com/community',
'',
)
); );
} }